Free Malware Removal Forum


This afternoon, suddenly my Windows Live Mail isn't working properly: it seems to pull email just fine, but the preview window is blank, and when I open an email to view, the body is blank. It seems to get hung up, and the little blue processing wheel just spins when I have the cursor in the body of the email.

Wondering if that could possibly be a side-effect related to anything we've done the past couple days. It seems to have just started today. Any ideas?

Askey127, I'd like to update you on a couple things, and if you'll indulge me one more step, show the current logs.

First, I obeyed Microsoft and called HP re: the issue I was having with Windows Live Mail. Despite my (better?) judgment, I listened to the tech and reverted to a restore point from 10/14/12, the last showing before the email problems began (but after the malware infection). I explained the malware we had diligently tried to remove, and he assured me that it would not recur. Well, I got email working again, but when I did a new DDS, and SystemLook, it appeared that the malware was still showing, specifically MusicOasis, Tarma Installer, Yahoo! & Companion, and Searchqu.

I did manage to then remove two Poker games from WildTangent, using RevoUninstall, as well as Constant Guard and that Coupon thing (which was a bear because it had left remnants in a number of places). I then retraced every step that you'd given me from the beginning, this time in one sitting, rebooting at every point you asked. If I am reading logs right, it looks like I got rid of or moved via OTL a number of them, but Yahoo!, Searchqu, MusicOasis, and Yontoo may be lingering.

Here is the most recent SystemLook log. I had modified the search parameters to include some of the new malware filenames that I got that were not in the original. Would you mind looking them over and giving your opinion, please? Thanks again, ES

SystemLook 30.07.11 by jpshortstuff
Log created at 00:34 on 18/10/2012 by MEACB Fam Desktop
Administrator - Elevation successful

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

After every step in doing this whole process again, I checked Windows Live Mail to make sure it continued to work (i.e., my emails were previewable and could be opened and read), and it behaved normally. However, I neglected to do so after the last couple of steps (including the last run of OTL Run Fix and Quick Search, and run of SystemLook).

Now, once again, Windows Live Mail stopped working right--the same problem: emails come in, but are blank, and can't be opened and viewed. The "processing" circle just keeps spinning around when the cursor is placed in the email body. I'm at a loss! Any ideas?

EnglishSettlement,

I'm not sure of what's going on with Windows Live Mail. For example, DDS and SystemLook do nothing to the system whatever.

The sequence below should get rid of the Yahoo, etc. Those ISearchquery helper items in the Registry are part of Windows, not searchqu. Anything showing in the C:\OTL\Moved Files\ folder is already quarantined and will be removed later.

(If you hit the Clean Up button in OTL when you are really all done, it removes the quarantined items and most of our tools).

----------------------------------------------
Perform a Custom Fix with OTL

Run OTL (Right click and choose "Run as administrator" in Vista/Win7)

In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):

Let the program run unhindered, and click to allow the Reboot when it is done. When the computer Reboots, and you start your usual account, a Notepad text file will appear.

Copy the contents of that file and post it in your next reply. The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

----------------------------------------------
After posting the Resulting log, Please Rescan as follows:

Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

askey127

Grazie, askey127, for translating the logs for me, and for sticking with me through this. I have no clue what could be messing up Live Mail, but it must be something in the steps we're doing since it has happened the same way twice. Needless to say, I won't be taking HP's advice of using a restore point. I'll try to get MS updates, and see if there's a way of reloading Live Mail or something.

By the way, after I ran the OTL fix and pasted its log below, I got a pop-up window asking if I wanted to run jucheck.exe from Oracle America, Inc. (and showing the Java cup logo). Not knowing what that was or if it were legit, I clicked NO.

I presume the files named Yahoo! and Yahoo! Companion are bogus and have nothing to do with Yahoo! but deviously are given those names as a decoy so people think they are harmless or actually from Yahoo?

Here's the OTL runfix log, followed by the QuickScan log. Oh, before running Quick Scan, I checked Scan All Users, LOP Check and Purity Check, but left the Extra Registry checked as None. If that was incorrect, please let me know and I'll uncheck them and re-run.

EnglishSettlement,

Let's go again. I don't like that file in the Windows folder.

----------------------------------------------
Perform a Custom Fix with OTL

Run OTL (Right click and choose "Run as administrator" in Vista/Win7)

In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):

Let the program run unhindered, and click to allow the Reboot when it is done. When the computer Reboots, and you start your usual account, a Notepad text file will appear.

Copy the contents of that file and post it in your next reply. The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

----------------------------------------------
After posting the Resulting log, Please Rescan as follows:

Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

To which file in Windows were you referring? btw & fyi, I resolved the Live Mail problem using appwiz.cpl. I was going to uninstall and reinstall it, but when I clicked on Live Essentials, and above clicked Uninstall/Change, it gave me the options of uninstalling or repairing. I clicked repair Live Essentials, and that fixed the whole problem--with a lot less headache than just nuking the whole thing.

English,

Looks pretty good. If you want to help protect yourself going forward, installing a HOSTS file will help. It basically blocks thousands of known malicious web sites from accidentally connecting.

---------------------------------------------------------------
Disable DNS Client Service. This is necessary when installing a large HOSTS file.

From Start, or Start, Run

Type services.msc in the box and hit <Enter>

Give permission to continue if necessary.

Scroll down to DNS Client on the list, Right Click it and choose Properties.

Under Service Status, click Stop. Wait until it reports the service stopped.

Under Startup Type, choose Disabled.

Then click Apply, OK

If this part was successful, then proceed:

-------------------------------------------------------------
Use HostsXpert to Install the HOSTS File

Download HostsXpert and unzip it to your computer, somewhere where you can find it.

Right click on HostsXpert.exe and "Run as administrator".

Check to see if top button on left hand side says Make Writable ?

If it does, click on it once, then proceed to next instruction. (When you click, the label will change to Make Read Only)

If it already says Make Read Only, just proceed to next instruction

Click on the Download button (lower left hand side)

Click on MVPs Hosts... button.

Click on Replace button.

Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)

When finished.

Click on File Handling button.

Click on Make Read Only ? once, to secure it against infection. (When you click, the label will change to Make Writable?)

Exit the program.

If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

askey127
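The HOSTS-file blocking and the read-only step described in the post above, as an added example that is not part of the original thread and is not HostsXpert's code: it audits HOSTS content, separating names sinkholed to a loopback or unspecified address from names pointed at some other address, which is the kind of tampering the read-only attribute guards against. The function names and the sample content are constructed for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample HOSTS content (not from the thread or the MVPs list).
SAMPLE_HOSTS = """\
# sample blocklist
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.com tracker.example.net  # inline comment
127.0.0.1 malware.example.org
203.0.113.7 www.bank.example
not-an-ip broken.example
"""

LOCAL_NAMES = {"localhost"}  # names that legitimately map to loopback


def audit_hosts(text):
    """Return (blocked names, {redirected name: address}, malformed line numbers)."""
    blocked, redirected, malformed = set(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:  # an address with no hostname after it
            malformed.append(lineno)
            continue
        for name in (f.lower() for f in fields[1:]):
            if name in LOCAL_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(name)  # sinkholed: connections go nowhere
            else:
                redirected[name] = str(addr)  # name sent elsewhere: review it
    return blocked, redirected, malformed


def is_read_only(path):
    """True if the owner write bit (the read-only attribute on Windows) is cleared."""
    return not (os.stat(path).st_mode & stat.S_IWUSR)
```

On Windows the file to pass to both functions is %SystemRoot%\System32\drivers\etc\hosts; any name that shows up in the redirected result deserves a manual look before the file is trusted.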

It looks like that OTL Cleanup deleted some OTL logs that I'd saved on the Desktop, so I guess it worked as planned. I was going to do some cleaning up of my own, removing the remnant logs of all this work: Extras, SystemLook, dds, attach & the OTL runfix txt files--or should I save in a folder for future reference if needed?

Although I've said thanks many times over the course of these postings, it really seems an insufficient way of expressing my true gratitude for all you've done: the time you've spent poring over my logs, typing replies and instructions, and in the process, educating me. This computer isn't even a year old, and I was dismayed when this happened. It fueled my paranoia that "evildoers" lurk the internet, subverting its usefulness and preying upon the unwitting clicker, in this case, my kid. It's regrettable that Google and other search engines aren't more vigilant about blocking malware sites from coming up in search results. Maybe they don't care, they get their one cent per click, regardless.

All that said, you single-handedly partially restored my faith in humankind (partially, only because I know bad guys are still out there), by demonstrating benevolent altruism toward the ignorant (me) and unselfishly taking up my cause and helping. In so doing, you make the world a better place. I too try to practice altruism, and will pass along your good deed at the next opportunity in whichever way I can, thinking of you in the process. That's a verbose and well-intended way of simply saying THANKS! May that warm feeling of satisfaction from anonymously doing a good thing flare up nice and cozy sometime in January when it's freezing in New Hampshire!
